
SANS ISC: More "Fake AV" Incarnations Making The Rounds - SANS Internet Storm Center SANS ISC InfoSec Forums

More "Fake AV" Incarnations Making The Rounds

Using obfuscated JavaScript techniques, more "Fake Anti Virus" malware continues to present itself to unsuspecting Internet users, in the hope of gaining an installation through rather effective social engineering methods.

Some of the latest incarnations observed in the past 24 hours continue to maintain low levels of AV detection (less than 15% based on VirusTotal analysis), and have removed the tell-tale "TDSS" signature from their rootkit driver names (although one AV vendor continues to flag the initial stage malware as Rootkit.Win32.TDSS). Other subsequent stage downloads are being labeled as Trojan.FakeAlert.AKV and Trojan.Fakealert.MW by a few other AV vendors.

In terms of propagation, getting a "hit" from this malware is as easy as entering a series of search terms on your favorite search engine and unluckily picking a search result that delivers nothing more than the misleading introductory screen and fake anti-virus pop-up alerts (with their associated "D-level" English grammar). Should you unfortunately fall victim to this, remember not to click anywhere on the screen, but instead use "Task Manager - Applications" to terminate the victimized web browser session.


G. N.

Dec 30th 2008
